"Theorems for Free!" (Wadler 1989) is a slogan for a technique that allows one to derive statements about
functions just from their types. So far, the statements considered have always had a purely extensional
flavor: statements relating the value semantics of program expressions, but not statements relating
their runtime (or other) cost. Here we study an extension of the technique that allows precisely
statements of the latter flavor, by deriving quantitative theorems for free. After developing the theory,
we walk through a number of example derivations. Probably none of the statements derived in those
simple examples will be particularly surprising to most readers, but what is maybe surprising, and at
the very least novel, is that there is a general technique for obtaining such results on a quantitative
level in a principled way. Moreover, there is good potential to bring that technique to bear on more
complex examples as well. We turn our attention to short-cut fusion (Gill et al. 1993) in particular.



1 Introduction 



Based on the concept of relational parametricity (Reynolds 1983), Wadler (1989) established so-called
"free theorems", a method for obtaining proofs of program properties from parametrically polymorphic
types in purely functional languages. For example, it can thus be shown that every function $f :: [\alpha] \to [\alpha]$,
with $\alpha$ a type variable, satisfies

$$f\ (\mathit{mapList}\ g\ xs) = \mathit{mapList}\ g\ (f\ xs) \tag{1}$$

for every choice of $g :: \tau_1 \to \tau_2$ and $xs :: [\tau_1]$, with $\tau_1$ and $\tau_2$ concrete types, where:

$$\begin{array}{l}
\mathit{mapList} :: (\alpha \to \beta) \to [\alpha] \to [\beta] \\
\mathit{mapList}\ g\ [] = [] \\
\mathit{mapList}\ g\ (x : xs) = (g\ x) : (\mathit{mapList}\ g\ xs)
\end{array}$$



Statements of that flavor have been used for program transformation (Gill et al. 1993; Svenningsson 2002;
Voigtländer 2009a), but also for other interesting results (Voigtländer 2008; Bernardy et al. 2010a).

So far, free theorems have been considered a qualitative tool only. That is, statements like (1)
have been established as extensional equivalences or semantic approximations in a definedness order,
and in fact a lot of research has gone into what definedness and/or strictness conditions are needed
on the involved functions in various language settings and into extending the approach to richer type
systems (Launchbury and Paterson 1996; Johann and Voigtländer 2004; Stenger and Voigtländer 2009;
Voigtländer 2009b; Christiansen et al. 2010; Bernardy et al. 2010b). It is natural, though, to ask about
the quantitative content of free theorems in terms of program efficiency. In a statement like (1), what
is the relative performance of the left- and right-hand sides? If we can answer such questions formally,
this will clearly be of particular interest for the mentioned program transformation applications, where
statements about efficiency have so far only been made informally or empirically.

In this paper, we lay the ground for such formal investigations. The challenge, of course, as for
standard free theorems, is to work independently of concrete function definitions, just as (1) depends on
only the type of $f$. To this end, we revise the theory of relational parametricity, essentially marrying it
with the classical idea of externalizing the intensional property "computation time" by making it part
of the observable program output, and thus accessible to semantic analysis (Wadler 1988; Bjerner and
Holmström 1989; Rosendahl 1989; Sands 1995). Our vision is to eventually integrate our results into a
tool like http://www-ps.iai.uni-bonn.de/cgi-bin/free-theorems-webui.cgi to enable
automatic generation of quantitative free theorems for realistic languages.

To start simple, let us consider some examples. We begin with $f :: \alpha \to \mathsf{Nat}$. The standard free
theorem derived from that type is that for every $g :: \tau_1 \to \tau_2$ and $x :: \tau_1$,

$$f\ (g\ x) = f\ x \tag{2}$$

In fact, absent nontermination, it is even possible to conclude that $f$ is a constant function, i.e., for some
$n :: \mathsf{Nat}$, $f$ is semantically equivalent to $(\lambda x \to n)$. If we take program runtime into account, then there
is another degree of freedom, in addition to picking the natural number $n$. Namely, two functions of type
$\alpha \to \mathsf{Nat}$ can then differ in how long they take before providing their output, because clearly a function
that no matter what the input is immediately returns 42 is to be considered different from one that does
the same after 7½ million years. Even so, since the same $f$ occurs on the left- and right-hand sides of (2),
we can intuitively argue that the right-hand side will never be less efficient than the left-hand side (while
it may be more efficient in that it avoids an application of $g$). On the extensional semantics level, such
invariance, namely that different $f$ may use different $n$ in $(\lambda x \to n)$, but the different instantiations of a
single polymorphic $f$ at the types $\tau_2$ and $\tau_1$ on the left- and right-hand sides of (2) may not, is exactly
what relational parametricity provides. Our task is to formally transfer this argument to the mentioned
second degree of freedom, concerning program runtime.

As soon as we do consider runtime, we also have to talk about evaluation order. For the example (2),
we can make more precise statements if we know whether function application is call-by-value or
call-by-name/need. In the former, strict case, the right-hand side of (2) is actually more efficient than the
left-hand side, because the very real cost of applying $g$ is saved. In nonstrict languages, in contrast,
the left- and right-hand sides of (2) are to be considered equally efficient since from the type of $f$ we
claimed that the function never looks at its argument (extensionally $f = (\lambda x \to n)$ for some arbitrary but
fixed $n$), so the potentially costly inner application $(g\ x)$ on the left-hand side is never actually evaluated.
Such issues, and the required reasoning, become more interesting as the types considered get more
complicated. For example, for the type $f :: \alpha \to \alpha \to \alpha$ and the associated free theorem

$$f\ (g\ x)\ (g\ y) = g\ (f\ x\ y) \tag{3}$$

the situation is the same as for (2), i.e., the right-hand side is more efficient in a call-by-value language,
while no difference is observable with call-by-name/need. But for the type $f :: \alpha \to (\alpha, \alpha)$ and free
theorem

$$f\ (g\ x) = \mathit{mapPair}\ (g, g)\ (f\ x) \tag{4}$$

where

$$\begin{array}{l}
\mathit{mapPair} :: (\alpha \to \gamma, \beta \to \delta) \to (\alpha, \beta) \to (\gamma, \delta) \\
\mathit{mapPair}\ (f_1, f_2)\ (x_1, x_2) = (f_1\ x_1, f_2\ x_2)
\end{array}$$

the situation is rather different: under call-by-value and call-by-need the left-hand side is more efficient,
while under call-by-name the left-hand side is for sure not less efficient than the right-hand side, but
whether it is actually more efficient depends on what runtime cost we associate with $\mathit{mapPair}$.¹ In
summary, the relationships between the runtimes of the various left- and right-hand sides claimed above
are as follows:





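|               | $f :: \alpha \to \mathsf{Nat}$ | $f :: \alpha \to \alpha \to \alpha$ | $f :: \alpha \to (\alpha, \alpha)$ |
|               | $f\ (g\ x) = f\ x$ | $f\ (g\ x)\ (g\ y) = g\ (f\ x\ y)$ | $f\ (g\ x) = \mathit{mapPair}\ (g,g)\ (f\ x)$ |
| call-by-value | lhs $>$ rhs | lhs $>$ rhs | lhs $<$ rhs |
| call-by-name  | lhs $=$ rhs | lhs $=$ rhs | lhs $\le$ rhs |
| call-by-need  | lhs $=$ rhs | lhs $=$ rhs | lhs $<$ rhs |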



In this paper we concentrate on call-by-value. From the above, one could jump to the conclusion that
then the answer to the question which of the two sides of a free theorem is more efficient depends only on
the numbers of syntactic occurrences of $g$. However, this simplistic view breaks down if one considers
types that allow more diverse behavior, like $f :: \alpha \to \alpha \to (\alpha, \alpha)$ or indeed example (1). Also, even for
the cases considered above, one should not be deceived by the apparent obviousness of the analysis. For
example, that any function $f :: \alpha \to \alpha \to \alpha$ is, by its type alone, not only forced to extensionally be one
of the two possible (curried) projections (a fact that can be proved using standard free theorems), but
also prevented from causing different costs in different concrete invocations is a nontrivial property that
requires proof. To emphasize this point, consider a function $f :: \mathsf{Nat} \to \mathsf{Nat} \to \mathsf{Nat}$. Even if we knew that
extensionally this function is equivalent to either $(\lambda x\ y \to x)$ or $(\lambda x\ y \to y)$, or even if we knew to which
of the two, there would be absolutely no way to conclude which if any of $f\ (g\ x)\ (g\ y)$ and $g\ (f\ x\ y)$ is
more efficient for general $g :: \mathsf{Nat} \to \mathsf{Nat}$ and $x, y :: \mathsf{Nat}$.² It is only the polymorphism in $f :: \alpha \to \alpha \to \alpha$
that allows such analysis, and what we seek here is the appropriate formal theory as opposed to just the
suggestive examples given above.

While the above table may suggest that we are going to prove only comparative statements, actually
we will be able to make more precise quantitative statements about the relative costs of left- and
right-hand sides of free theorems. For example, for $f :: \alpha \to \alpha \to \alpha$, in the call-by-value setting, we will not
only deduce that the left-hand side $f\ (g\ x)\ (g\ y)$ takes more time than the right-hand side $g\ (f\ x\ y)$, but
will also obtain that the cost difference is exactly either the cost of applying $g$ on $x$ (without the cost of
evaluating $x$ itself) or the cost of applying $g$ on $y$ (without the cost of evaluating $y$ itself).



2 A polymorphically typed lambda-calculus 

For formal investigation, we use a relatively small toy language that nevertheless captures essential
aspects relevant for our intended analysis. The syntax and typing rules are given in Figures 1 and 2,
respectively. There, $\alpha$ ranges over type variables, $x, y$ over term variables, and $n$ over the naturals. The
language is explicitly typed, the notation for type annotations is "::", while ":" is the cons operator for
lists. The operators $\mathsf{lfold}$ (corresponding to Haskell's foldr) and $\mathsf{ifold}$ are used to express structural
recursion on lists and naturals, respectively. (General, potentially nonterminating, recursion is not included

¹ In principle, one could replace $\mathit{mapPair}\ (g,g)\ (f\ x)$ by $\mathsf{let}\ (y_1, y_2) = f\ x\ \mathsf{in}\ (g\ y_1, g\ y_2)$ and consider let-binding to be
cost-neutral, in which case $f\ (g\ x)$ and the given replacement would be equally efficient under call-by-name. For call-by-value
and call-by-need such replacement has no real impact, since for them a whole application of $g$ is saved on the left in any case.
² For example, $f$ could be a function that first counts down its first argument to zero, before finally returning its second
argument. Then, by choosing $g$ and $x$ appropriately, one could make either of $f\ (g\ x)\ (g\ y)$ and $g\ (f\ x\ y)$ arbitrarily more costly
while not affecting the other one at all.
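$$\tau ::= \alpha \mid \mathsf{Nat} \mid (\tau, \tau) \mid [\tau] \mid \tau \to \tau$$

$$\begin{array}{rcl}
t & ::= & x \mid n \mid \mathsf{case}\ t\ \mathsf{of}\ \{0 \to t\,;\, x \to t\} \mid t + t \mid []_\tau \mid t : t \mid \mathsf{case}\ t\ \mathsf{of}\ \{[] \to t\,;\, x : x \to t\} \mid \\
  &     & (t, t) \mid \mathsf{case}\ t\ \mathsf{of}\ \{(x, x) \to t\} \mid \lambda x :: \tau.\, t \mid t\ t \mid \mathsf{lfold}(t, t, t) \mid \mathsf{ifold}(t, t, t)
\end{array}$$

Figure 1: Syntax of the calculus

$$\Gamma, x :: \tau \vdash x :: \tau \qquad \Gamma \vdash n :: \mathsf{Nat} \qquad \Gamma \vdash []_\tau :: [\tau]$$

$$\frac{\Gamma \vdash t_1 :: \mathsf{Nat} \quad \Gamma \vdash t_2 :: \mathsf{Nat}}{\Gamma \vdash (t_1 + t_2) :: \mathsf{Nat}} \qquad \frac{\Gamma \vdash t :: \mathsf{Nat} \quad \Gamma \vdash t_1 :: \tau \quad \Gamma, x :: \mathsf{Nat} \vdash t_2 :: \tau}{\Gamma \vdash (\mathsf{case}\ t\ \mathsf{of}\ \{0 \to t_1\,;\, x \to t_2\}) :: \tau}$$

$$\frac{\Gamma \vdash t_1 :: \tau \quad \Gamma \vdash t_2 :: [\tau]}{\Gamma \vdash (t_1 : t_2) :: [\tau]} \qquad \frac{\Gamma \vdash t :: [\tau_1] \quad \Gamma \vdash t_1 :: \tau \quad \Gamma, x :: \tau_1, y :: [\tau_1] \vdash t_2 :: \tau}{\Gamma \vdash (\mathsf{case}\ t\ \mathsf{of}\ \{[] \to t_1\,;\, x : y \to t_2\}) :: \tau}$$

$$\frac{\Gamma \vdash t_1 :: \tau_1 \quad \Gamma \vdash t_2 :: \tau_2}{\Gamma \vdash (t_1, t_2) :: (\tau_1, \tau_2)} \qquad \frac{\Gamma \vdash t :: (\tau_1, \tau_2) \quad \Gamma, x :: \tau_1, y :: \tau_2 \vdash t_1 :: \tau}{\Gamma \vdash (\mathsf{case}\ t\ \mathsf{of}\ \{(x, y) \to t_1\}) :: \tau}$$

$$\frac{\Gamma, x :: \tau_1 \vdash t :: \tau_2}{\Gamma \vdash (\lambda x :: \tau_1.\, t) :: \tau_1 \to \tau_2} \qquad \frac{\Gamma \vdash t_1 :: \tau_1 \to \tau_2 \quad \Gamma \vdash t_2 :: \tau_1}{\Gamma \vdash (t_1\ t_2) :: \tau_2}$$

$$\frac{\Gamma \vdash t_1 :: \tau_1 \to \tau_2 \to \tau_2 \quad \Gamma \vdash t_2 :: \tau_2 \quad \Gamma \vdash t_3 :: [\tau_1]}{\Gamma \vdash \mathsf{lfold}(t_1, t_2, t_3) :: \tau_2}$$

$$\frac{\Gamma \vdash t_1 :: \tau \to \tau \quad \Gamma \vdash t_2 :: \tau \quad \Gamma \vdash t_3 :: \mathsf{Nat}}{\Gamma \vdash \mathsf{ifold}(t_1, t_2, t_3) :: \tau}$$

Figure 2: Typing rules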

for simplicity.) For example, the function $\mathit{mapList}$ from the introduction is defined in our calculus as
follows:

$$\mathit{mapList} = \lambda g :: (\alpha \to \beta).\, \lambda ys :: [\alpha].\, \mathsf{lfold}(\lambda x :: \alpha.\, \lambda xs :: [\beta].\, (g\ x) : xs,\ []_\beta,\ ys)$$

and satisfies $\alpha, \beta \vdash \mathit{mapList} :: (\alpha \to \beta) \to [\alpha] \to [\beta]$.

Semantically, types are interpreted as sets in an absolutely standard way, see Figure 3 (where $\theta$ is
a mapping from type variables to sets). There is also a standard denotational term semantics, shown in
Figure 4, which satisfies: if $\Gamma \vdash t :: \tau$, then $[\![t]\!]_\sigma \in [\![\tau]\!]_\theta$ for every $\sigma$ with $\sigma(x) \in [\![\tau']\!]_\theta$ for every $x :: \tau'$
in $\Gamma$.

The key to relational parametricity, and thus to free theorems, is to provide a suitable interpretation
of types as relations. The standard such type-indexed family of relations for our setting so far, defined
by induction on the structure of types, and called a "logical relation", is given in Figure 5 (where $\rho$ is
a mapping from type variables to binary relations between sets). Note that we use juxtaposition ($\mathbf{f}\ \mathbf{x}$),
instead of $\mathbf{f}(\mathbf{x})$, as notation for applying mathematical functions (mirroring the syntactic application on
term level). Also, we use the following definitions:

$$\begin{array}{rcl}
\mathit{lift}_{[]}(R) & = & \{([x_1, \ldots, x_n], [y_1, \ldots, y_n]) \mid n \in \mathbb{N} \wedge \forall i \in \{1, \ldots, n\}.\ (x_i, y_i) \in R\} \\
\mathit{lift}_{(,)}(R_1, R_2) & = & \{((x_1, x_2), (y_1, y_2)) \mid (x_1, y_1) \in R_1 \wedge (x_2, y_2) \in R_2\}
\end{array}$$
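$$\begin{array}{rcll}
[\![\alpha]\!]_\theta & = & \theta(\alpha) & \text{(an arbitrary set, fixed in } \theta\text{)} \\
[\![\mathsf{Nat}]\!]_\theta & = & \mathbb{N} & \text{(the naturals)} \\
[\![[\tau]]\!]_\theta & = & \{[x_1, \ldots, x_n] \mid n \in \mathbb{N} \wedge \forall i \in \{1, \ldots, n\}.\ x_i \in [\![\tau]\!]_\theta\} & \text{(the free monoid over a set)} \\
[\![(\tau_1, \tau_2)]\!]_\theta & = & [\![\tau_1]\!]_\theta \times [\![\tau_2]\!]_\theta & \text{(the Cartesian product of sets)} \\
[\![\tau_1 \to \tau_2]\!]_\theta & = & ([\![\tau_2]\!]_\theta)^{[\![\tau_1]\!]_\theta} & \text{(the mathematical function space between sets)}
\end{array}$$

Figure 3: Standard type semantics

$$[\![x]\!]_\sigma = \sigma(x)$$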

IcaseroflO^,,;.^,}!^/'* »«•=• 

[Ma[^n] if[f] a =n,n>0 

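$$\begin{array}{rcl}
[\![t_1 + t_2]\!]_\sigma & = & [\![t_1]\!]_\sigma + [\![t_2]\!]_\sigma \\
[\![[]_\tau]\!]_\sigma & = & [] \\
[\![t_1 : t_2]\!]_\sigma & = & [[\![t_1]\!]_\sigma, \mathbf{v}_1, \ldots, \mathbf{v}_n] \quad \text{with } [\![t_2]\!]_\sigma = [\mathbf{v}_1, \ldots, \mathbf{v}_n] \\
[\![\mathsf{case}\ t\ \mathsf{of}\ \{[] \to t_1\,;\, x : y \to t_2\}]\!]_\sigma & = & \begin{cases} [\![t_1]\!]_\sigma & \text{if } [\![t]\!]_\sigma = [] \\ [\![t_2]\!]_{\sigma[x \mapsto \mathbf{v}_1,\, y \mapsto [\mathbf{v}_2, \ldots, \mathbf{v}_n]]} & \text{if } [\![t]\!]_\sigma = [\mathbf{v}_1, \ldots, \mathbf{v}_n],\ n > 0 \end{cases} \\
[\![(t_1, t_2)]\!]_\sigma & = & ([\![t_1]\!]_\sigma, [\![t_2]\!]_\sigma) \\
[\![\mathsf{case}\ t\ \mathsf{of}\ \{(x, y) \to t_1\}]\!]_\sigma & = & [\![t_1]\!]_{\sigma[x \mapsto \mathbf{v}_1,\, y \mapsto \mathbf{v}_2]} \quad \text{with } [\![t]\!]_\sigma = (\mathbf{v}_1, \mathbf{v}_2) \\
[\![\lambda x :: \tau.\, t]\!]_\sigma & = & \lambda \mathbf{v}.\, [\![t]\!]_{\sigma[x \mapsto \mathbf{v}]} \\
[\![t_1\ t_2]\!]_\sigma & = & [\![t_1]\!]_\sigma\ [\![t_2]\!]_\sigma \\
[\![\mathsf{lfold}(t_1, t_2, t_3)]\!]_\sigma & = & [\![t_1]\!]_\sigma\ \mathbf{v}_1\ ([\![t_1]\!]_\sigma\ \mathbf{v}_2 \ldots ([\![t_1]\!]_\sigma\ \mathbf{v}_n\ [\![t_2]\!]_\sigma) \cdots) \quad \text{with } [\![t_3]\!]_\sigma = [\mathbf{v}_1, \ldots, \mathbf{v}_n] \\
[\![\mathsf{ifold}(t_1, t_2, t_3)]\!]_\sigma & = & \underbrace{[\![t_1]\!]_\sigma\ ([\![t_1]\!]_\sigma \cdots ([\![t_1]\!]_\sigma}_{[\![t_3]\!]_\sigma \text{ times}}\ [\![t_2]\!]_\sigma) \cdots)
\end{array}$$

Figure 4: Standard term semantics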



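$$\begin{array}{rcl}
\Delta_{\alpha,\rho} & = & \rho(\alpha) \\
\Delta_{\mathsf{Nat},\rho} & = & \mathit{id}_{\mathbb{N}} \\
\Delta_{[\tau],\rho} & = & \mathit{lift}_{[]}(\Delta_{\tau,\rho}) \\
\Delta_{(\tau_1,\tau_2),\rho} & = & \mathit{lift}_{(,)}(\Delta_{\tau_1,\rho}, \Delta_{\tau_2,\rho}) \\
\Delta_{\tau_1 \to \tau_2,\rho} & = & \{(\mathbf{f}, \mathbf{g}) \mid \forall (\mathbf{x}, \mathbf{y}) \in \Delta_{\tau_1,\rho}.\ (\mathbf{f}\ \mathbf{x}, \mathbf{g}\ \mathbf{y}) \in \Delta_{\tau_2,\rho}\}
\end{array}$$

Figure 5: Standard logical relation

To derive free theorems, all one needs is the following theorem (Reynolds 1983; Wadler 1989). In it,
$\mathit{Rel}$ denotes the collection of all binary relations between sets. (Later, we also use $\mathit{Rel}(S_1, S_2)$ to denote
more specifically the collection of all binary relations between sets $S_1$ and $S_2$.)

Theorem 1 (standard parametricity theorem). If $\Gamma \vdash t :: \tau$, then for every $\rho$, $\sigma_1$, $\sigma_2$ such that

• for every $\alpha$ in $\Gamma$, $\rho(\alpha) \in \mathit{Rel}$, and

• for every $x :: \tau'$ in $\Gamma$, $(\sigma_1(x), \sigma_2(x)) \in \Delta_{\tau',\rho}$,

we have $([\![t]\!]_{\sigma_1}, [\![t]\!]_{\sigma_2}) \in \Delta_{\tau,\rho}$.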

Our aim now is to provide an analogous theorem for a setting in which computation costs are taken 
into account. For doing so, we clearly first need to develop the underlying semantic notions (and then a 
suitable new logical relation). 

3 Adding costs to the semantics 

As already mentioned in the introduction, we want to study the call-by-value case here. That is, we 
consider the presented lambda-calculus as a small core language of a kind of strict Haskell or pure ML. 

In order to reflect computation costs in the semantics, we first revise the set interpretation of types. In
addition to a value, every semantic object now has to carry an integer representing some abstract notion of
costs incurred while computing that value. Such integers (actually naturals would suffice for the moment,
but the added generality of negative numbers comes in handy later on) need to be added only at top-level
positions of compound values, thanks to our restriction to strict evaluation. For example, the costs of
individual list elements are not relevant ultimately, only the cost of a whole list, because anyway there is
no means to evaluate only a part of it (as there would be in a nonstrict language). The only place where
"embedded" costs are relevant is in (the result positions of) function spaces, because there it is really
important to capture which actual function arguments lead to which specific costs in the output. Formally,
we define a variant of the mapping from Figure 3 in Figure 6, where $\mathcal{C}(S) = \{(x, c) \mid x \in S \wedge c \in \mathbb{Z}\}$.
That new mapping, $[\![\cdot]\!]'$, does not itself capture top-level costs. But ultimately, instead of the earlier
$[\![t]\!]_\sigma \in [\![\tau]\!]_\theta$ we will have that a term $t$ of type $\tau$ is mapped, by a new term semantics, to an element of the
$\mathcal{C}(\cdot)$-lifting of $[\![\tau]\!]'_\theta$.

Our new term semantics (changed from Figure 4) follows the same spirit as the instrumented
semantics of Rosendahl (1989). Essentially, the cost integers are carried around and just suitably propagated,
except where we decide that a certain semantic operation should be counted as contributing a cost of its
own. Here we assign a cost only to the invocation of functions, so we add a cost of 1 in the interpretation
of lambda-abstractions.³ The formal definition is given in Figure 7. The helper function $\triangleright$ defined in the
figure adds, in $c \triangleright \mathbf{x}$, the cost $c$ to the cost component of semantic object $\mathbf{x}$. The other helper functions
are cost-propagating versions of data constructors and function application. Syntactically, $\triangleright$ and $:^{¢}$ are
right-associative, $¢$ is left-associative, and $\triangleright$ has higher precedence than the other semantic operations.
Now we have that if $\Gamma \vdash t :: \tau$ then $[\![t]\!]^{¢}_\sigma \in \mathcal{C}([\![\tau]\!]'_\theta)$ for every $\theta$ mapping the type variables in $\Gamma$ to sets
and $\sigma$ with $\sigma(x) \in [\![\tau']\!]'_\theta$ for every $x :: \tau'$ in $\Gamma$.

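Example 1. Let $\mathit{length} = \lambda xs :: [\alpha].\, \mathsf{lfold}(\lambda x :: \alpha.\, \lambda y :: \mathsf{Nat}.\, 1 + y,\ 0,\ xs)$. We calculate the semantics of
$\mathit{length}[\mathsf{Nat}/\alpha]\ (1 : 2 : []_{\mathsf{Nat}})$, where $[\mathsf{Nat}/\alpha]$ denotes syntactic substitution of $\mathsf{Nat}$ for all occurrences of

³ Other possible places to put extra costs would have been the data constructors and case-expressions. Actually, we have
found that our general results, in particular Theorem 2, are unaffected by such changes.

$$\begin{array}{rcl}
[\![\alpha]\!]'_\theta & = & \theta(\alpha) \\
[\![\mathsf{Nat}]\!]'_\theta & = & \mathbb{N} \\
[\![[\tau]]\!]'_\theta & = & \{[x_1, \ldots, x_n] \mid n \in \mathbb{N} \wedge \forall i \in \{1, \ldots, n\}.\ x_i \in [\![\tau]\!]'_\theta\} \\
[\![(\tau_1, \tau_2)]\!]'_\theta & = & [\![\tau_1]\!]'_\theta \times [\![\tau_2]\!]'_\theta \\
[\![\tau_1 \to \tau_2]\!]'_\theta & = & \mathcal{C}([\![\tau_2]\!]'_\theta)^{[\![\tau_1]\!]'_\theta}
\end{array}$$

Figure 6: Type semantics with embedded costs

$$\begin{array}{rcl}
[\![x]\!]^{¢}_\sigma & = & (\sigma(x), 0) \\
[\![n]\!]^{¢}_\sigma & = & (n, 0)
\end{array}$$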

r , f/n , ,110 \ C >M% if pE = (0,c) 

[case f of {O-Wi ;*-*&}]£ = ■{ |0 

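$$\begin{array}{rcl}
[\![t_1 + t_2]\!]^{¢}_\sigma & = & (n_1 + n_2, c_1 + c_2) \quad \text{with } [\![t_1]\!]^{¢}_\sigma = (n_1, c_1),\ [\![t_2]\!]^{¢}_\sigma = (n_2, c_2) \\
[\![[]_\tau]\!]^{¢}_\sigma & = & ([], 0) \\
[\![\mathsf{case}\ t\ \mathsf{of}\ \{[] \to t_1\,;\, x : y \to t_2\}]\!]^{¢}_\sigma & = & \begin{cases} c \triangleright [\![t_1]\!]^{¢}_\sigma & \text{if } [\![t]\!]^{¢}_\sigma = ([], c) \\ c \triangleright [\![t_2]\!]^{¢}_{\sigma[x \mapsto \mathbf{v}_1,\, y \mapsto [\mathbf{v}_2, \ldots, \mathbf{v}_n]]} & \text{if } [\![t]\!]^{¢}_\sigma = ([\mathbf{v}_1, \ldots, \mathbf{v}_n], c),\ n > 0 \end{cases} \\
[\![\mathsf{case}\ t\ \mathsf{of}\ \{(x, y) \to t_1\}]\!]^{¢}_\sigma & = & c \triangleright [\![t_1]\!]^{¢}_{\sigma[x \mapsto \mathbf{v}_1,\, y \mapsto \mathbf{v}_2]} \quad \text{with } [\![t]\!]^{¢}_\sigma = ((\mathbf{v}_1, \mathbf{v}_2), c) \\
[\![\lambda x :: \tau.\, t]\!]^{¢}_\sigma & = & (\lambda \mathbf{v}.\, 1 \triangleright [\![t]\!]^{¢}_{\sigma[x \mapsto \mathbf{v}]},\ 0) \\
[\![\mathsf{lfold}(t_1, t_2, t_3)]\!]^{¢}_\sigma & = & (c_1 + c_3) \triangleright ((\mathbf{g}\ \mathbf{v}_1)\ ¢\ ((\mathbf{g}\ \mathbf{v}_2)\ ¢ \ldots ((\mathbf{g}\ \mathbf{v}_n)\ ¢\ [\![t_2]\!]^{¢}_\sigma) \ldots)) \\
 & & \text{with } [\![t_1]\!]^{¢}_\sigma = (\mathbf{g}, c_1),\ [\![t_3]\!]^{¢}_\sigma = ([\mathbf{v}_1, \ldots, \mathbf{v}_n], c_3) \\
[\![\mathsf{ifold}(t_1, t_2, t_3)]\!]^{¢}_\sigma & = & (c_1 + c_3) \triangleright \underbrace{((\mathbf{g}, 0)\ ¢\ ((\mathbf{g}, 0)\ ¢ \ldots ((\mathbf{g}, 0)}_{n \text{ times}}\ ¢\ [\![t_2]\!]^{¢}_\sigma) \ldots)) \\
 & & \text{with } [\![t_1]\!]^{¢}_\sigma = (\mathbf{g}, c_1),\ [\![t_3]\!]^{¢}_\sigma = (n, c_3)
\end{array}$$

where

$$\begin{array}{rcl}
c \triangleright (\mathbf{v}, c') & = & (\mathbf{v}, c + c') \\
\mathbf{x} :^{¢} \mathbf{xs} & = & ([\mathbf{v}, \mathbf{v}_1, \ldots, \mathbf{v}_n], c + c') \quad \text{with } \mathbf{x} = (\mathbf{v}, c),\ \mathbf{xs} = ([\mathbf{v}_1, \ldots, \mathbf{v}_n], c') \\
(\mathbf{x}_1, \mathbf{x}_2)^{¢} & = & ((\mathbf{v}_1, \mathbf{v}_2), c + c') \quad \text{with } \mathbf{x}_1 = (\mathbf{v}_1, c),\ \mathbf{x}_2 = (\mathbf{v}_2, c') \\
\mathbf{f}\ ¢\ \mathbf{x} & = & (c + c') \triangleright (\mathbf{g}\ \mathbf{v}) \quad \text{with } \mathbf{f} = (\mathbf{g}, c),\ \mathbf{x} = (\mathbf{v}, c')
\end{array}$$

Figure 7: Term semantics with costs

$$\begin{array}{rcl}
\Delta'_{\alpha,\rho} & = & \rho(\alpha) \\
\Delta'_{\mathsf{Nat},\rho} & = & \mathit{id}_{\mathbb{N}} \\
\Delta'_{[\tau],\rho} & = & \mathit{lift}_{[]}(\Delta'_{\tau,\rho}) \\
\Delta'_{(\tau_1,\tau_2),\rho} & = & \mathit{lift}_{(,)}(\Delta'_{\tau_1,\rho}, \Delta'_{\tau_2,\rho}) \\
\Delta'_{\tau_1 \to \tau_2,\rho} & = & \{(\mathbf{f}, \mathbf{g}) \mid \forall (\mathbf{x}, \mathbf{y}) \in \Delta'_{\tau_1,\rho}.\ (\mathbf{f}\ \mathbf{x}, \mathbf{g}\ \mathbf{y}) \in \mathcal{C}(\Delta'_{\tau_2,\rho})\}
\end{array}$$

Figure 8: Logical relation with embedded costs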

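$\alpha$, as follows:

$$\begin{array}{cl}
 & [\![(\lambda xs :: [\mathsf{Nat}].\, \mathsf{lfold}(\lambda x :: \mathsf{Nat}.\, \lambda y :: \mathsf{Nat}.\, 1 + y,\ 0,\ xs))\ (1 : 2 : []_{\mathsf{Nat}})]\!]^{¢}_{\emptyset} \\
= & (\lambda \mathbf{v}.\, 1 \triangleright [\![\mathsf{lfold}(\lambda x :: \mathsf{Nat}.\, \lambda y :: \mathsf{Nat}.\, 1 + y,\ 0,\ xs)]\!]^{¢}_{[xs \mapsto \mathbf{v}]},\ 0)\ ¢\ ([1, 2], 0) \\
= & 1 \triangleright [\![\mathsf{lfold}(\lambda x :: \mathsf{Nat}.\, \lambda y :: \mathsf{Nat}.\, 1 + y,\ 0,\ xs)]\!]^{¢}_{[xs \mapsto [1,2]]} \\
= & 1 \triangleright (((\lambda x.(\lambda y.(1 + y, 1), 1))\ 1)\ ¢\ (((\lambda x.(\lambda y.(1 + y, 1), 1))\ 2)\ ¢\ (0, 0))) \\
= & 1 \triangleright ((\lambda y.(1 + y, 1), 1)\ ¢\ 1 \triangleright (1 + 0, 1)) \\
= & 1 \triangleright (1 + 1 + 1) \triangleright ((\lambda y.(1 + y, 1))\ (1 + 0)) \\
= & (2, 5)
\end{array}$$

Exactly the five required beta-reductions (once for $\lambda xs :: [\mathsf{Nat}]$ and twice each for $\lambda x :: \mathsf{Nat}$ and $\lambda y :: \mathsf{Nat}$)
have been counted.

Note that due to the way we handle polymorphism, a $[\![t]\!]^{¢}_\sigma$ can be an element of $\mathcal{C}([\![\tau]\!]'_{\theta_1})$ and $\mathcal{C}([\![\tau]\!]'_{\theta_2})$
for completely different $\theta_1$ and $\theta_2$. For example, $[\![(\lambda x :: \alpha.\, x)]\!]^{¢}_{\emptyset}$ is $(\mathbf{g}, 0)$ where $\mathbf{g}$ maps $\mathbf{v} \in S$ to $(\mathbf{v}, 1) \in
\mathcal{C}(S)$, for every set $S$. (We denote by $\emptyset$ an empty mapping.)

Lemma 1. Let $\Gamma \vdash t :: \tau$, where $\Gamma$ contains no term variables. For every type variable $\alpha$, type $\tau'$ not
containing type variables, and $\theta$ mapping the type variables in $\Gamma \setminus \{\alpha\}$ to sets, we have $[\![t[\tau'/\alpha]]\!]^{¢}_{\emptyset} \in
\mathcal{C}([\![\tau[\tau'/\alpha]]\!]'_\theta)$. Moreover, $[\![\tau[\tau'/\alpha]]\!]'_\theta = [\![\tau]\!]'_{\theta[\alpha \mapsto [\![\tau']\!]'_{\emptyset}]}$, and while $[\![t]\!]^{¢}_{\emptyset}$ is an element of $\mathcal{C}([\![\tau]\!]'_{\theta[\alpha \mapsto S]})$ for
arbitrary $S$, for the specific case $S = [\![\tau']\!]'_{\emptyset}$ we have $[\![t]\!]^{¢}_{\emptyset} = [\![t[\tau'/\alpha]]\!]^{¢}_{\emptyset}$.

We also note some simple properties of the semantic operations; these properties will henceforth be
used freely without explicit mention:

• $c \triangleright c' \triangleright \mathbf{x} = (c + c') \triangleright \mathbf{x}$
• $c \triangleright (\mathbf{x}_1, \mathbf{x}_2)^{¢} = (c \triangleright \mathbf{x}_1, \mathbf{x}_2)^{¢} = (\mathbf{x}_1, c \triangleright \mathbf{x}_2)^{¢}$
• $c \triangleright (\mathbf{x} :^{¢} \mathbf{xs}) = c \triangleright \mathbf{x} :^{¢} \mathbf{xs} = \mathbf{x} :^{¢} c \triangleright \mathbf{xs}$
• $c \triangleright (\mathbf{f}\ ¢\ \mathbf{x}) = c \triangleright \mathbf{f}\ ¢\ \mathbf{x} = \mathbf{f}\ ¢\ c \triangleright \mathbf{x}$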



4 New relational interpretations of types 

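Now we also need a new interpretation of types as relations, i.e., a new logical relation. We get directions
by comparing the set interpretations from Figures 3 and 6. There, a difference only appears for the
output side of function arrows, namely the codomain is lifted to a costful setting. We try the same on
the relational level and thus transform the logical relation from Figure 5 into the one given in Figure 8,
where $\mathcal{C}(R) = \{((x, c), (y, c)) \mid (x, y) \in R \wedge c \in \mathbb{Z}\}$.

$$\begin{array}{rcl}
\Delta^{¢}_{\alpha,\rho} & = & \mathcal{C}(\rho(\alpha)) \\
\Delta^{¢}_{\mathsf{Nat},\rho} & = & \mathcal{C}(\mathit{id}_{\mathbb{N}}) \\
\Delta^{¢}_{[\tau],\rho} & = & \mathit{lift}^{¢}_{[]}(\Delta^{¢}_{\tau,\rho}) \\
\Delta^{¢}_{\tau_1 \to \tau_2,\rho} & = & \{(\mathbf{f}, \mathbf{g}) \mid \mathit{cost}(\mathbf{f}) = \mathit{cost}(\mathbf{g}) \wedge \forall (\mathbf{x}, \mathbf{y}) \in \Delta^{¢}_{\tau_1,\rho}.\ (\mathbf{f}\ ¢\ \mathbf{x}, \mathbf{g}\ ¢\ \mathbf{y}) \in \Delta^{¢}_{\tau_2,\rho}\}
\end{array}$$

where

$$\begin{array}{rcl}
\mathit{lift}^{¢}_{[]}(R) & = & \{([\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢}, [\mathbf{y}_1, \ldots, \mathbf{y}_n]^{¢}) \mid n \in \mathbb{N} \wedge \forall i \in \{1, \ldots, n\}.\ (\mathbf{x}_i, \mathbf{y}_i) \in R\} \\
\mathit{lift}^{¢}_{(,)}(R_1, R_2) & = & \{((\mathbf{x}_1, \mathbf{x}_2)^{¢}, (\mathbf{y}_1, \mathbf{y}_2)^{¢}) \mid (\mathbf{x}_1, \mathbf{y}_1) \in R_1 \wedge (\mathbf{x}_2, \mathbf{y}_2) \in R_2\}
\end{array}$$

and $[\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢}$ abbreviates $\mathbf{x}_1 :^{¢} \ldots :^{¢} \mathbf{x}_n :^{¢} ([], 0)$.

Figure 9: Fully cost-lifted logical relation

Note that $\rho$ in Figure 8 still maps to "normal" binary relations between sets, rather than to $\mathcal{C}(\cdot)$-lifted
ones. In turn, the $[\![\cdot]\!]^{¢}$-semantics of terms will be related by the $\mathcal{C}(\cdot)$-lifting of $\Delta'$. Indeed, a proof very
similar to that of Theorem 1, by induction on typing derivations, establishes the following theorem. (The
proof is sketched in Appendix A.)

Theorem 2. If $\Gamma \vdash t :: \tau$, then for every $\rho$, $\sigma_1$, $\sigma_2$ such that

• for every $\alpha$ in $\Gamma$, $\rho(\alpha) \in \mathit{Rel}$, and

• for every $x :: \tau'$ in $\Gamma$, $(\sigma_1(x), \sigma_2(x)) \in \Delta'_{\tau',\rho}$,

we have $([\![t]\!]^{¢}_{\sigma_1}, [\![t]\!]^{¢}_{\sigma_2}) \in \mathcal{C}(\Delta'_{\tau,\rho})$.

One of the key cases in the proof, for function application, uses that $(\mathbf{f}, \mathbf{g}) \in \mathcal{C}(\Delta'_{\tau_1 \to \tau_2,\rho})$ implies
$\forall (\mathbf{x}, \mathbf{y}) \in \mathcal{C}(\Delta'_{\tau_1,\rho}).\ (\mathbf{f}\ ¢\ \mathbf{x}, \mathbf{g}\ ¢\ \mathbf{y}) \in \mathcal{C}(\Delta'_{\tau_2,\rho})$. Note the subtle differences here to the definition of $\Delta'_{\tau_1 \to \tau_2,\rho}$
in Figure 8, namely the $\mathcal{C}(\cdot)$-lifting on both $\Delta'_{\tau_1 \to \tau_2,\rho}$ and $\Delta'_{\tau_1,\rho}$, and hence the use of $(\mathbf{f}\ ¢\ \mathbf{x}, \mathbf{g}\ ¢\ \mathbf{y})$ instead
of $(\mathbf{f}\ \mathbf{x}, \mathbf{g}\ \mathbf{y})$. Working fully on the $\mathcal{C}(\cdot)$-lifted level is also preferable in later derivations of free theorems
(based on the logical relation), so it seems a good idea to provide an alternative definition of relational
interpretations of types that does not mix unlifted (like $\Delta'_{\tau_1,\rho}$) and lifted (like $\mathcal{C}(\Delta'_{\tau_2,\rho})$) uses. However,
we have to be careful, because the "implies" in the first sentence of the current paragraph is really just
that: an implication, not an equivalence. In order to give a direct inductive definition for $\mathcal{C}(\Delta'_{\cdot,\rho})$, we
need exact characterizations. For the case of function types, the following lemma is easily obtained from
the definitions, where, in general, $\mathit{cost}((\mathbf{v}, c)) = c$.

Lemma 2. $(\mathbf{f}, \mathbf{g}) \in \mathcal{C}(\Delta'_{\tau_1 \to \tau_2,\rho}) \Leftrightarrow \mathit{cost}(\mathbf{f}) = \mathit{cost}(\mathbf{g}) \wedge \forall (\mathbf{x}, \mathbf{y}) \in \mathcal{C}(\Delta'_{\tau_1,\rho}).\ (\mathbf{f}\ ¢\ \mathbf{x}, \mathbf{g}\ ¢\ \mathbf{y}) \in \mathcal{C}(\Delta'_{\tau_2,\rho})$

Using similar characterizations for the other cases, we arrive at the new logical relation given in
Figure 9, which is connected to the one from Figure 8 by the following (inductively proved) lemma.

Lemma 3. For every $\tau$ and $\rho$, $\mathcal{C}(\Delta'_{\tau,\rho}) = \Delta^{¢}_{\tau,\rho}$.

Together with Theorem 2, we immediately get:

Corollary 1. If $\Gamma \vdash t :: \tau$, then for every $\rho$, $\sigma_1$, $\sigma_2$ such that

• for every $\alpha$ in $\Gamma$, $\rho(\alpha) \in \mathit{Rel}$, and

• for every $x :: \tau'$ in $\Gamma$, $((\sigma_1(x), 0), (\sigma_2(x), 0)) \in \Delta^{¢}_{\tau',\rho}$,

we have $([\![t]\!]^{¢}_{\sigma_1}, [\![t]\!]^{¢}_{\sigma_2}) \in \Delta^{¢}_{\tau,\rho}$.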
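5 Deriving free theorems

Now we can go for applications of Corollary 1 to specific polymorphic types, in order to derive
cost-aware statements about terms of those types. First, we need some auxiliary notions. In addition to
$\mathit{cost}((\mathbf{v}, c)) = c$ we define $\mathit{val}((\mathbf{v}, c)) = \mathbf{v}$, and for every $\mathbf{f} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1})$ and $\mathbf{x} \in \mathcal{C}(S_1)$, for some sets
$S_1$ and $S_2$, $\mathit{appCost}(\mathbf{f}, \mathbf{x}) = \mathit{cost}(\mathbf{f}\ ¢\ \mathbf{x}) - \mathit{cost}(\mathbf{x})$. Also, a standard way of deriving free theorems is to
specialize relations (those mapped to by $\rho$) to the graphs of functions. In our setting, we have to be
careful to get the "$\mathcal{C}(\cdot)$-lifting level" right. Moreover, since in our derivations of free theorems we will
need to have access to information about the costs associated to specific function arguments and results,
it is helpful to make specialized relations as tightly specified as possible. Hence, instead of the full
function graphs commonly used, we will go for finite parts thereof. So given sets $S_1$ and $S_2$, a $\mathcal{C}(\cdot)$-lifted
function $\mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1})$, and $\mathcal{C}(\cdot)$-lifted values $\mathbf{x}_1, \ldots, \mathbf{x}_n \in \mathcal{C}(S_1)$, with $n \in \mathbb{N}$, we define:

$$R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n} = \{(\mathit{val}(\mathbf{x}_1), \mathit{val}(\mathbf{g}\ ¢\ \mathbf{x}_1)), \ldots, (\mathit{val}(\mathbf{x}_n), \mathit{val}(\mathbf{g}\ ¢\ \mathbf{x}_n))\} \in \mathit{Rel}(S_1, S_2)$$

The crucial property, directly derived from definitions, (and a simple corollary of it) we are going to
exploit about $R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}$ can be given as follows (under the given conditions on $S_1$, $S_2$, $\mathbf{g}$, and $\mathbf{x}_1, \ldots, \mathbf{x}_n$):

Proposition 1. Let $\mathbf{x} \in \mathcal{C}(S_1)$ and $\mathbf{y} \in \mathcal{C}(S_2)$. Then $(\mathbf{x}, \mathbf{y}) \in \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n})$ if and only if there exist $i \in
\{1, \ldots, n\}$ and $c \in \mathbb{Z}$ such that $\mathbf{x} = c \triangleright \mathit{appCost}(\mathbf{g}, \mathbf{x}_i) \triangleright \mathbf{x}_i$ and $\mathbf{y} = c \triangleright (\mathbf{g}\ ¢\ \mathbf{x}_i)$.

Corollary 2. Let $\mathbf{x} \in \mathcal{C}(S_1)$ and $\mathbf{y} \in \mathcal{C}(S_2)$. If $(\mathbf{x}, \mathbf{y}) \in \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n})$, then there exists $i \in \{1, \ldots, n\}$ such
that $\mathbf{g}\ ¢\ \mathbf{x} = \mathit{appCost}(\mathbf{g}, \mathbf{x}_i) \triangleright \mathbf{y}$.

Let us now derive a first concrete free (improvement) theorem, for one of the types from Section 1.

Example 2. Let some term $f$ be given with $\alpha \vdash f :: \alpha \to \alpha \to \alpha$. By Corollary 1 we have: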

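By the definition of the logical relation in Figure 9 this implies:

$$\forall R \in \mathit{Rel},\ (\mathbf{x}, \mathbf{y}), (\mathbf{x}', \mathbf{y}') \in \mathcal{C}(R).\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{x}\ ¢\ \mathbf{x}',\ [\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{y}\ ¢\ \mathbf{y}') \in \mathcal{C}(R)$$

Specialization of $R$ gives:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1, \mathbf{x}_2 \in \mathcal{C}(S_1). \\
\quad \forall (\mathbf{x}, \mathbf{y}), (\mathbf{x}', \mathbf{y}') \in \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \mathbf{x}_2}).\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{x}\ ¢\ \mathbf{x}',\ [\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{y}\ ¢\ \mathbf{y}') \in \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \mathbf{x}_2})
\end{array}$$

From this follows, by Proposition 1:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1, \mathbf{x}_2 \in \mathcal{C}(S_1). \\
\quad ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathit{appCost}(\mathbf{g}, \mathbf{x}_1) \triangleright \mathbf{x}_1)\ ¢\ (\mathit{appCost}(\mathbf{g}, \mathbf{x}_2) \triangleright \mathbf{x}_2),\ [\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_1)\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_2)) \in \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \mathbf{x}_2})
\end{array}$$

which in turn implies, by Corollary 2:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1, \mathbf{x}_2 \in \mathcal{C}(S_1).\ \exists i \in \{1, 2\}. \\
\quad \mathbf{g}\ ¢\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathit{appCost}(\mathbf{g}, \mathbf{x}_1) \triangleright \mathbf{x}_1)\ ¢\ (\mathit{appCost}(\mathbf{g}, \mathbf{x}_2) \triangleright \mathbf{x}_2)) \\
\quad = \mathit{appCost}(\mathbf{g}, \mathbf{x}_i) \triangleright ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_1)\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_2))
\end{array}$$

which simplifies to:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1, \mathbf{x}_2 \in \mathcal{C}(S_1).\ \exists c \in \{\mathit{appCost}(\mathbf{g}, \mathbf{x}_1), \mathit{appCost}(\mathbf{g}, \mathbf{x}_2)\}. \\
\quad c \triangleright (\mathbf{g}\ ¢\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{x}_1\ ¢\ \mathbf{x}_2)) = [\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_1)\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_2)
\end{array}$$

By using the definitions from Figures 6 and 7 and Lemma 1 we can conclude that:

$$\forall \tau_1, \tau_2 \text{ types},\ g :: \tau_1 \to \tau_2,\ t_1 :: \tau_1,\ t_2 :: \tau_1.\ \exists c \in \{\mathit{appCost}([\![g]\!]^{¢}_{\emptyset}, [\![t_1]\!]^{¢}_{\emptyset}), \mathit{appCost}([\![g]\!]^{¢}_{\emptyset}, [\![t_2]\!]^{¢}_{\emptyset})\}.$$

This certainly means that the right-hand side of (3) in the introduction is more efficient than its left-hand
side. Indeed, after defining "$\mathbf{v} \sqsubseteq \mathbf{v}'$" as "$\exists c \ge 0.\ c \triangleright \mathbf{v} = \mathbf{v}'$" (or, equivalently, "$\mathit{val}(\mathbf{v}) = \mathit{val}(\mathbf{v}') \wedge \mathit{cost}(\mathbf{v}) \le
\mathit{cost}(\mathbf{v}')$"), we can conclude from the above that:

$$\forall \tau_1, \tau_2 \text{ types},\ g :: \tau_1 \to \tau_2,\ t_1 :: \tau_1,\ t_2 :: \tau_1.\ [\![g\ (f[\tau_1/\alpha]\ t_1\ t_2)]\!]^{¢}_{\emptyset} \sqsubseteq [\![f[\tau_2/\alpha]\ (g\ t_1)\ (g\ t_2)]\!]^{¢}_{\emptyset}$$

In the interest of readability, we will sometimes blur the distinction between syntax and semantics a bit,
and additionally keep type substitution (for instantiating polymorphic functions) silent, so that the above
conclusion would be written as simply

$$g\ (f\ t_1\ t_2) \sqsubseteq f\ (g\ t_1)\ (g\ t_2) \tag{5}$$

To emphasize again that we crucially exploit polymorphism, recall from the introduction that a
corresponding statement does not hold for $f :: \mathsf{Nat} \to \mathsf{Nat} \to \mathsf{Nat}$. Even if $[\![f]\!]_{\emptyset} = [\![\lambda x :: \mathsf{Nat}.\, \lambda y ::
\mathsf{Nat}.\, y]\!]_{\emptyset}$ in the cost-free semantics, there can be $g :: \mathsf{Nat} \to \mathsf{Nat}$ and $t_1, t_2 :: \mathsf{Nat}$ such that, of course,
$\mathit{val}([\![g\ (f\ t_1\ t_2)]\!]^{¢}_{\emptyset}) = \mathit{val}([\![f\ (g\ t_1)\ (g\ t_2)]\!]^{¢}_{\emptyset})$ is true, but (5) is false.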
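
The cost semantics of Figure 7 is small enough to execute. The following Python interpreter is an added example, not code from the paper: it reproduces Example 1, checks the cost statement derived in Example 2 on the two projections, and shows that statement failing for the monomorphic countdown function sketched in the footnote of the introduction. The nested-tuple term encoding and all function and constant names are assumptions of this example; case expressions and pairs are left out.

```python
# Constructed example: cost-instrumented call-by-value semantics after Figure 7.
# A semantic object is a pair (value, cost). A function value maps an argument
# value to such a pair, so the cost of running its body is embedded in the result.

def tick(c, x):
    """c |> x: add cost c to the cost component of x."""
    v, k = x
    return (v, k + c)

def apply(f, x):
    """Cost-propagating application: (g, c) applied to (v, c') is (c + c') |> g v."""
    (g, c), (v, c2) = f, x
    return tick(c + c2, g(v))

def app_cost(f, x):
    """appCost(f, x) = cost(f applied to x) - cost(x)."""
    return apply(f, x)[1] - x[1]

def ev(t, env=None):
    """Cost semantics of term t (a nested tuple); env maps variable names to plain values."""
    env = env or {}
    tag = t[0]
    if tag == "var":
        return (env[t[1]], 0)
    if tag == "nat":
        return (t[1], 0)
    if tag == "add":
        (n1, c1), (n2, c2) = ev(t[1], env), ev(t[2], env)
        return (n1 + n2, c1 + c2)
    if tag == "nil":
        return ((), 0)
    if tag == "cons":
        (v, c1), (vs, c2) = ev(t[1], env), ev(t[2], env)
        return ((v,) + vs, c1 + c2)
    if tag == "lam":  # the only construct with a cost of its own: 1 per invocation
        _, x, body = t
        return (lambda v: tick(1, ev(body, {**env, x: v})), 0)
    if tag == "app":
        return apply(ev(t[1], env), ev(t[2], env))
    if tag in ("lfold", "ifold"):
        (g, c1), acc, (arg, c3) = ev(t[1], env), ev(t[2], env), ev(t[3], env)
        if tag == "lfold":   # (g v1) applied to ((g v2) applied to ... [[t2]])
            for v in reversed(arg):
                acc = apply(g(v), acc)
        else:                # (g, 0) applied arg times, starting from [[t2]]
            for _ in range(arg):
                acc = apply((g, 0), acc)
        return tick(c1 + c3, acc)
    raise ValueError(f"unknown term: {tag}")

# Small term-building helpers (hypothetical names, not from the paper).
def lam(x, body): return ("lam", x, body)
def var(x): return ("var", x)
def nat(n): return ("nat", n)

def app(f, *args):
    for a in args:
        f = ("app", f, a)
    return f

def lst(*ns):
    t = ("nil",)
    for n in reversed(ns):
        t = ("cons", nat(n), t)
    return t

# length from Example 1; the two projections of type a -> a -> a; and a
# monomorphic Nat -> Nat -> Nat function that counts down its first argument.
LENGTH = lam("xs", ("lfold", lam("x", lam("y", ("add", nat(1), var("y")))), nat(0), var("xs")))
FST = lam("x", lam("y", var("x")))
SND = lam("x", lam("y", var("y")))
COUNTDOWN = lam("x", lam("y", ("ifold", lam("z", var("z")), var("y"), var("x"))))
ZERO = lam("n", nat(0))  # constructed g :: Nat -> Nat that ignores its input

def both_sides(f, g, t1, t2):
    """Return ([[f (g t1) (g t2)]], [[g (f t1 t2)]], {appCost(g, t1), appCost(g, t2)})."""
    lhs = ev(app(f, app(g, t1), app(g, t2)))
    rhs = ev(app(g, app(f, t1, t2)))
    costs = {app_cost(ev(g), ev(t)) for t in (t1, t2)}
    return lhs, rhs, costs

def cost_gap_is_app_cost(f, g, t1, t2):
    """True iff both sides agree on the value and differ by exactly one appCost of g."""
    lhs, rhs, costs = both_sides(f, g, t1, t2)
    return lhs[0] == rhs[0] and (lhs[1] - rhs[1]) in costs

if __name__ == "__main__":
    print(ev(app(LENGTH, lst(1, 2))))
    print(both_sides(FST, LENGTH, lst(1, 2), lst(7)))
    print(both_sides(COUNTDOWN, ZERO, nat(3), nat(0)))
```

For the projections the extra cost on the left is the application of g to the argument that f discards; for the countdown function the left-hand side is the cheaper one, so the inequality does not carry over.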

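Let us now move on to other examples, like (4) in the introduction. First, we define $\mathbf{mapPair} =
[\![\mathit{mapPair}]\!]^{¢}_{\emptyset}$ for some reasonable rendering of the $\mathit{mapPair}$-function in our calculus. Then, we can
give analogues of Proposition 1 and Corollary 2 for pair-lifting, given sets $S_1$, $S_2$, $S_3$, and $S_4$,
$\mathcal{C}(\cdot)$-lifted functions $\mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1})$ and $\mathbf{h} \in \mathcal{C}(\mathcal{C}(S_4)^{S_3})$, and $\mathcal{C}(\cdot)$-lifted values $\mathbf{x}_1, \ldots, \mathbf{x}_n \in \mathcal{C}(S_1)$ and
$\mathbf{y}_1, \ldots, \mathbf{y}_m \in \mathcal{C}(S_3)$, with $n, m \in \mathbb{N}$.

Proposition 2. Let $\mathbf{p} \in \mathcal{C}(S_1 \times S_3)$ and $\mathbf{q} \in \mathcal{C}(S_2 \times S_4)$. Then $(\mathbf{p}, \mathbf{q}) \in \mathit{lift}^{¢}_{(,)}(\mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}), \mathcal{C}(R^{\mathbf{h}}_{\mathbf{y}_1, \ldots, \mathbf{y}_m}))$
if and only if there exist $i \in \{1, \ldots, n\}$, $j \in \{1, \ldots, m\}$, and $c \in \mathbb{Z}$ such that $\mathbf{p} = c \triangleright \mathit{appCost}(\mathbf{mapPair}\ ¢\
(\mathbf{g}, \mathbf{h})^{¢}, (\mathbf{x}_i, \mathbf{y}_j)^{¢}) \triangleright (\mathbf{x}_i, \mathbf{y}_j)^{¢}$ and $\mathbf{q} = c \triangleright (\mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{h})^{¢}\ ¢\ (\mathbf{x}_i, \mathbf{y}_j)^{¢})$.

Corollary 3. Let $\mathbf{p} \in \mathcal{C}(S_1 \times S_3)$ and $\mathbf{q} \in \mathcal{C}(S_2 \times S_4)$. If $(\mathbf{p}, \mathbf{q}) \in \mathit{lift}^{¢}_{(,)}(\mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}), \mathcal{C}(R^{\mathbf{h}}_{\mathbf{y}_1, \ldots, \mathbf{y}_m}))$, then
there exist $i \in \{1, \ldots, n\}$ and $j \in \{1, \ldots, m\}$ such that $\mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{h})^{¢}\ ¢\ \mathbf{p} = \mathit{appCost}(\mathbf{mapPair}\ ¢\
(\mathbf{g}, \mathbf{h})^{¢}, (\mathbf{x}_i, \mathbf{y}_j)^{¢}) \triangleright \mathbf{q}$.

Now we can deal with example types involving pairs.

Example 3. Let some term $f$ be given with $\alpha \vdash f :: \alpha \to (\alpha, \alpha)$. By Corollary 1 we have:

$$\forall R \in \mathit{Rel}.\ ([\![f]\!]^{¢}_{\emptyset}, [\![f]\!]^{¢}_{\emptyset}) \in \Delta^{¢}_{\alpha \to (\alpha,\alpha),\,[\alpha \mapsto R]}$$

By the definition of the logical relation and specialization of $R$, this gives:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1 \in \mathcal{C}(S_1). \\
\quad \forall (\mathbf{x}, \mathbf{y}) \in \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1}).\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{x},\ [\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathbf{y}) \in \mathit{lift}^{¢}_{(,)}(\mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1}), \mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1}))
\end{array}$$

From this follows, by Proposition 1 and Corollary 3:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1 \in \mathcal{C}(S_1). \\
\quad \mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{g})^{¢}\ ¢\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathit{appCost}(\mathbf{g}, \mathbf{x}_1) \triangleright \mathbf{x}_1)) \\
\quad = \mathit{appCost}(\mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{g})^{¢}, (\mathbf{x}_1, \mathbf{x}_1)^{¢}) \triangleright ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{g}\ ¢\ \mathbf{x}_1))
\end{array}$$

which due to the certainly nonnegative difference $\mathit{appCost}(\mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{g})^{¢}, (\mathbf{x}_1, \mathbf{x}_1)^{¢}) - \mathit{appCost}(\mathbf{g}, \mathbf{x}_1)$
simplifies to:

$$\forall \tau_1, \tau_2 \text{ types},\ g :: \tau_1 \to \tau_2,\ t :: \tau_1.\ f\ (g\ t) \sqsubseteq \mathit{mapPair}\ (g, g)\ (f\ t)$$

Example 4. Let some term $f$ be given with $\alpha \vdash f :: (\alpha, \alpha) \to \alpha$. Using Corollary 1, the definition of the
logical relation, and Proposition 2 and Corollary 2 for $R^{\mathbf{g}}_{\mathbf{x}_1, \mathbf{x}_2}$, we get:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ \mathbf{x}_1, \mathbf{x}_2 \in \mathcal{C}(S_1).\ \exists c \in \{\mathit{appCost}(\mathbf{g}, \mathbf{x}_1), \mathit{appCost}(\mathbf{g}, \mathbf{x}_2)\}. \\
\quad \mathbf{g}\ ¢\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathit{appCost}(\mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{g})^{¢}, (\mathbf{x}_1, \mathbf{x}_2)^{¢}) \triangleright (\mathbf{x}_1, \mathbf{x}_2)^{¢}) \\
\quad = c \triangleright ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{mapPair}\ ¢\ (\mathbf{g}, \mathbf{g})^{¢}\ ¢\ (\mathbf{x}_1, \mathbf{x}_2)^{¢}))
\end{array}$$

and thus:

$$\forall \tau_1, \tau_2 \text{ types},\ g :: \tau_1 \to \tau_2,\ t :: (\tau_1, \tau_1).\ g\ (f\ t) \sqsubseteq f\ (\mathit{mapPair}\ (g, g)\ t)$$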

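In order to also be able to deal with example types involving lists, we define $\mathbf{mapList} = [\![\mathit{mapList}]\!]^{¢}_{\emptyset}$
for $\mathit{mapList}$ as given in Section 2. Then, we give analogues of Propositions 1/2 and Corollaries 2/3, given
sets $S_1$ and $S_2$, a $\mathcal{C}(\cdot)$-lifted function $\mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1})$, and $\mathcal{C}(\cdot)$-lifted values $\mathbf{x}_1, \ldots, \mathbf{x}_n \in \mathcal{C}(S_1)$, with

Proposition 3. We have $(\mathbf{xs}, \mathbf{ys}) \in \mathit{lift}^{¢}_{[]}(\mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}))$ if and only if there exist $m \in \mathbb{N}$, $i_1, \ldots, i_m \in \{1, \ldots, n\}$,
and $c \in \mathbb{Z}$ such that $\mathbf{xs} = c \triangleright \mathit{appCost}(\mathbf{mapList}\ ¢\ \mathbf{g}, [\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}) \triangleright [\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}$ and $\mathbf{ys} = c \triangleright (\mathbf{mapList}\ ¢\
\mathbf{g}\ ¢\ [\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢})$.

Corollary 4. If $(\mathbf{xs}, \mathbf{ys}) \in \mathit{lift}^{¢}_{[]}(\mathcal{C}(R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}))$, then there exist $m \in \mathbb{N}$ and $i_1, \ldots, i_m \in \{1, \ldots, n\}$ such that
$\mathbf{mapList}\ ¢\ \mathbf{g}\ ¢\ \mathbf{xs} = \mathit{appCost}(\mathbf{mapList}\ ¢\ \mathbf{g}, [\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}) \triangleright \mathbf{ys}$ and $\mathit{val}([\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}) = \mathit{val}(\mathbf{xs})$.

Note that the final conclusion in the corollary, $\mathit{val}([\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}) = \mathit{val}(\mathbf{xs})$, keeps a bit more
information than we have cared to keep in Corollaries 2 and 3. The reason is that this information will be
useful in Example 6 below.

Example 5. Let some term $f$ be given with $\alpha \vdash f :: [\alpha] \to \mathsf{Nat}$. Using Corollary 1, the definition of the
logical relation, and Proposition 3 for $R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}$, we get:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ n \in \mathbb{N},\ \mathbf{x}_1, \ldots, \mathbf{x}_n \in \mathcal{C}(S_1). \\
\quad [\![f]\!]^{¢}_{\emptyset}\ ¢\ \mathit{appCost}(\mathbf{mapList}\ ¢\ \mathbf{g}, [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢}) \triangleright [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢} = [\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{mapList}\ ¢\ \mathbf{g}\ ¢\ [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢})
\end{array}$$

and thus:

$$\forall \tau_1, \tau_2 \text{ types},\ g :: \tau_1 \to \tau_2,\ t :: [\tau_1].\ f\ t \sqsubseteq f\ (\mathit{mapList}\ g\ t)$$

Example 6. Let some term $f$ be given with $\alpha \vdash f :: [\alpha] \to [\alpha]$. Using Corollary 1, the definition of the
logical relation, and Proposition 3 and Corollary 4 for $R^{\mathbf{g}}_{\mathbf{x}_1, \ldots, \mathbf{x}_n}$, plus simplification, we get:

$$\begin{array}{l}
\forall S_1, S_2 \text{ sets},\ \mathbf{g} \in \mathcal{C}(\mathcal{C}(S_2)^{S_1}),\ n \in \mathbb{N},\ \mathbf{x}_1, \ldots, \mathbf{x}_n \in \mathcal{C}(S_1).\ \exists m \in \mathbb{N},\ i_1, \ldots, i_m \in \{1, \ldots, n\}. \\
\quad \mathit{appCost}(\mathbf{mapList}\ ¢\ \mathbf{g}, [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢}) \triangleright (\mathbf{mapList}\ ¢\ \mathbf{g}\ ¢\ ([\![f]\!]^{¢}_{\emptyset}\ ¢\ [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢})) \\
\quad = \mathit{appCost}(\mathbf{mapList}\ ¢\ \mathbf{g}, [\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}) \triangleright ([\![f]\!]^{¢}_{\emptyset}\ ¢\ (\mathbf{mapList}\ ¢\ \mathbf{g}\ ¢\ [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢})) \\
\quad \wedge\ \mathit{val}([\mathbf{x}_{i_1}, \ldots, \mathbf{x}_{i_m}]^{¢}) = \mathit{val}([\![f]\!]^{¢}_{\emptyset}\ ¢\ [\mathbf{x}_1, \ldots, \mathbf{x}_n]^{¢})
\end{array}$$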

In order to continue now and derive a statement about the relative efficiencies of mapList g (f t) and f (mapList g t), for types $\tau_1, \tau_2$, function $g :: \tau_1 \to \tau_2$, and list $t :: [\tau_1]$, we would need further information about $\mathit{appCost}(\mathbf{mapList} \mathbin{\text{¢}} \mathbf{g}, [x_1, \ldots, x_n]^{\text{¢}})$ and $\mathit{appCost}(\mathbf{mapList} \mathbin{\text{¢}} \mathbf{g}, [x_{i_1}, \ldots, x_{i_m}]^{\text{¢}})$. This cannot be provided generally, but a number of useful observations are possible. For example, we know that the elements $x_{i_1}, \ldots, x_{i_m}$ form a subset of $\{x_1, \ldots, x_n\}$, and hence that evaluation of mapList g (f t) does not incur g-costs on elements other than those already encountered during evaluation of f (mapList g t), though of course a different selection and multiplicities are possible. Moreover, if we assume that g (actually, $\mathbf{g}$) is equally costly on every element of t (on every $x_i$), or indeed on every term of type $\tau_1$ (on every element of $\mathcal{C}(S_1)$), then we can reduce the question about the relative efficiency of mapList g (f t) and f (mapList g t) to one about the relative length of t and f t, to which an answer might be known statically by some separate analysis. Also, note that with some extra effort it would even have been possible to explicitly get our hands on the existentially quantified $m$ and $i_1, \ldots, i_m$, namely to establish that $[i_1, \ldots, i_m] = \mathit{val}([\![f]\!]^{\text{¢}}_{\emptyset} \mathbin{\text{¢}} ([1, \ldots, n], 0))$.
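The observations above can be checked concretely. The following Python sketch is an added illustration, not code from the paper: it uses Python's call-by-value evaluation, charges one unit per application of g, and uses two hypothetical polymorphic functions (`every_other`, `doubled`) in the role of f.

```python
# Added illustration: which elements incur g-costs on each side of
# mapList g (f t) = f (mapList g t), under call-by-value evaluation.

def map_list(g, xs):
    """mapList from Section 2, as a strict list map."""
    return [g(x) for x in xs]

def counting(g):
    """Wrap g so that every application is logged with its argument."""
    log = []
    def wrapped(x):
        log.append(x)
        return g(x)
    return wrapped, log

def compare(f, g, t):
    """Return (value, g-arguments of mapList g (f t), g-arguments of f (mapList g t))."""
    g1, log1 = counting(g)
    left = map_list(g1, f(t))
    g2, log2 = counting(g)
    right = f(map_list(g2, t))
    assert left == right  # the extensional free theorem (1)
    return left, log1, log2

def selected_indices(f, n):
    """The indices [i_1, ..., i_m], obtained by running f on [1, ..., n]."""
    return f(list(range(1, n + 1)))

# Hypothetical choices of f :: [a] -> [a]; neither inspects the elements.
def every_other(xs):  # shrinks the list, so the left-hand side applies g less often
    return xs[::2]

def doubled(xs):      # grows the list, so the left-hand side applies g more often
    return xs + xs

T = ["a", "b", "c", "d", "e"]  # constructed sample input
G = str.upper                  # stands in for an arbitrary g
```

With g equally costly on every element, the comparison reduces to the lengths of t and f t: `every_other` makes the left-hand side cheaper, `doubled` makes it more expensive, and in both cases the elements g is applied to are exactly those at `selected_indices(f, len(t))`.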

Let us also briefly comment on applying our machinery to an automatic program transformation that is used in a production compiler (Gill et al. 1993; though in a call-by-need setting, the mainstream Glasgow Haskell Compiler). The cost-insensitive content of the underlying "short-cut fusion" rule, typically proved via a standard free theorem, can be expressed in our setting as follows, for every choice of types $\tau$ and $\tau'$, polymorphic function $g :: (\tau \to \alpha \to \alpha) \to \alpha \to \alpha$, and $k :: \tau \to \tau' \to \tau'$ and $z :: \tau'$:

$$\mathit{val}([\![\mathit{lfold}(k, z, g[[\tau]/\alpha]\ (\lambda x :: \tau. \lambda xs :: [\tau]. x : xs)\ []_{\tau})]\!]^{\text{¢}}_{\emptyset}) = \mathit{val}([\![g[\tau'/\alpha]\ k\ z]\!]^{\text{¢}}_{\emptyset})$$

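The desirable statement, and certainly the intuitive assumption by which application of short-cut fusion in a compiler is usually justified, would be:

$$[\![\mathit{lfold}(k, z, g[[\tau]/\alpha]\ (\lambda x :: \tau. \lambda xs :: [\tau]. x : xs)\ []_{\tau})]\!]^{\text{¢}}_{\emptyset} \sqsupseteq [\![g[\tau'/\alpha]\ k\ z]\!]^{\text{¢}}_{\emptyset} \qquad (6)$$

We could even hope to quantify the $c$ such that $[\![\mathit{lfold}(k, z, \ldots)]\!]^{\text{¢}}_{\emptyset} = c \triangleright [\![g[\tau'/\alpha]\ k\ z]\!]^{\text{¢}}_{\emptyset}$ holds, possibly expressing $c$ in terms of the length of the intermediate list $\mathit{val}([\![g[[\tau]/\alpha]\ (\lambda x :: \tau. \lambda xs :: [\tau]. x : xs)\ []_{\tau}]\!]^{\text{¢}}_{\emptyset})$. But, maybe surprisingly, (6) does not actually hold in general. The reason is that g may "use" its arguments for other things than for creating its output. For example, with $\tau = \mathsf{Nat}$, g could be the function $\lambda k :: \mathsf{Nat} \to \alpha \to \alpha. \lambda z :: \alpha. (\lambda x :: \alpha. z)\ (k\ 5\ z)$. Then: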

1. On the one hand, $\mathit{lfold}(k, z, \ldots)$ incurs no costs at all from applying a concrete $k :: \mathsf{Nat} \to \tau' \to \tau'$ to any values, because $g[[\mathsf{Nat}]/\alpha]$ is only applied to $(\lambda x :: \mathsf{Nat}. \lambda xs :: [\mathsf{Nat}]. x : xs)$ and $[]_{\mathsf{Nat}}$ during its evaluation, leading to the empty list as intermediate result which is then processed by the lfold.

2. On the other hand, $g[\tau'/\alpha]\ k\ z$ does incur costs for evaluating the application $k\ 5\ z$, even though the resulting value is eventually discarded in $(\lambda x :: \alpha. z)\ (k\ 5\ z)$. Moreover, since we are free to choose k (and z) however we want, we are certainly free to make that application $k\ 5\ z$ arbitrarily more costly than the corresponding application $(\lambda x :: \mathsf{Nat}. \lambda xs :: [\mathsf{Nat}]. x : xs)\ 5\ []_{\mathsf{Nat}}$ contributing to the cost of item 1 above.

Hence, the right-hand side of (6) can be made arbitrarily more costly than its left-hand side. (The same behavior can be provoked in Haskell using the seq-primitive.) It is possible to constrain g in such a way that (6) actually holds, and indeed all "reasonable" functions to be used in short-cut fusion can be expected to satisfy the condition thus imposed on g, but spelling out the details is left for future work.
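The counterexample can be replayed directly in a strict language. The following Python sketch is an added illustration, not code from the paper: it counts only the cost of applying k (a simplification of the paper's cost measure), and the names `CostlyK`, `g_discard` and `g_reasonable` are hypothetical.

```python
# Added illustration: k-costs of the unfused term lfold(k, z, g cons [])
# versus the fused term g k z, under call-by-value evaluation.

def lfold(k, z, xs):
    """Right fold: lfold(k, z, [x1, ..., xn]) = k x1 (... (k xn z))."""
    acc = z
    for x in reversed(xs):
        acc = k(x, acc)
    return acc

def cons(x, xs):
    return [x] + xs

def g_discard(k, z):
    """The g from the text: (lambda x. z) (k 5 z). The argument k 5 z is
    evaluated before the call and its value is then thrown away."""
    return (lambda x: z)(k(5, z))

def g_reasonable(k, z):
    """A g that uses k only to build its output (the abstracted list [1, 2, 3])."""
    return k(1, k(2, k(3, z)))

class CostlyK:
    """k = addition, charging `unit` cost per application (unit is freely chosen)."""
    def __init__(self, unit):
        self.unit = unit
        self.cost = 0
    def __call__(self, x, acc):
        self.cost += self.unit
        return x + acc

def costs(g, unit):
    """Return ((value, k-cost) of the unfused term, (value, k-cost) of the fused term)."""
    k1 = CostlyK(unit)
    unfused = lfold(k1, 0, g(cons, []))
    k2 = CostlyK(unit)
    fused = g(k2, 0)
    return (unfused, k1.cost), (fused, k2.cost)
```

For `g_discard` both sides return the same value, but the fused side pays for one application of k whose price grows with `unit`, while the unfused side never applies k; for `g_reasonable` the k-costs coincide.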

6 Conclusion 

We have developed a notion of relational parametricity that incorporates information about call-by-value evaluation costs, and thus allows one to derive quantitative statements about runtime from function types. The mechanics of deriving statements that way are a bit more involved than in the purely extensional setting, but we are optimistic that automation like for http://www-ps.iai.uni-bonn.de/cgi-bin/free-theorems-webui.cgi (Böhme 2007) is possible here as well.

As already mentioned, the exact way in which we assign costs to different program constructs does not appear to impact the overall approach much. Hence, we could also work with more detailed and realistic measures, as for example in the work of Liu and Gomez (2001). Of course, we are also interested in moving from a call-by-value setting to a call-by-name/need one, and in extending the results for our calculus to a calculus with general recursion.
A Proof Sketch of Theorem 2

The proof is by induction over the typing derivation, i.e., we have to consider the derivation rules in Figure 2. In the proof we use the same names for the environments as in Theorem 2 (i.e., $\rho$, $\sigma_1$, $\sigma_2$) and assume that the conditions on them given in Theorem 2 are satisfied. We show just three cases.

In the case

$$\Gamma, x :: \tau \vdash x :: \tau$$

the second condition in Theorem 2 ensures that $(\sigma_1(x), \sigma_2(x)) \in \Delta_{\tau,\rho}$ and hence it holds that $([\![x]\!]^{\text{¢}}_{\sigma_1}, [\![x]\!]^{\text{¢}}_{\sigma_2}) = ((\sigma_1(x), 0), (\sigma_2(x), 0))$ is in $\mathcal{C}(\Delta_{\tau,\rho})$.



In the case

$$\frac{\Gamma, x :: \tau_1 \vdash t :: \tau_2}{\Gamma \vdash (\lambda x :: \tau_1. t) :: \tau_1 \to \tau_2}$$

we have



(lXx::T l .tf a] ,lXx::r l .tf a2 )e^(K l ^ 2 . P ) 
^((Av.l>W ffl[ ^ v] ,O),(AvM>W^ [w] ,O))G^(A; i ^ 2 , p ) 

^v(vy) g < iP . (l >W^,i >W ff2[ ^) e nK 2 , P ) 
^v(v,V) e a; iP . (w^, m^) e ^(a; 2iP ) 

where the last line is the induction hypothesis. 

In the case

$$\frac{\Gamma \vdash t_1 :: \tau_1 \to \tau_2 \qquad \Gamma \vdash t_2 :: \tau_1}{\Gamma \vdash (t_1\ t_2) :: \tau_2}$$

we reason as follows:

(lht 2 V ai ,hhJi 2 )enK 2!P ) 

^V(x,y) etf«, p ). fl/ilS, 0x,[/ilg s 0y) e^(A' T2:P ) 
HMU^) ^(a;^ T2jP ) 

The last line is the first induction hypothesis, the last implication is by Lemma 2 and the second last implication by the second induction hypothesis.



